Open Source - OpenOffice Bitten by Code Execution Bugs - eWeek Security Watch | eWeek

OpenOffice Bitten by Code Execution Bugs

Written By
Ryan Naraine
Ryan Naraine
Apr 20, 2008
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

OpenOffice has issued a high-priority update to fix at least six vulnerabilities affecting users of its free desktop productivity suite.

The open-source group said the critical vulnerabilities affect OpenOffice.org suite versions prior to 2.4.

An alert from Symantec’s DeepSight TMS (Threat Management System) warns:

“Attackers may exploit these vulnerabilities by enticing victims into opening maliciously crafted files. This may be done by hosting files on a webpage or distributing them via email, file sharing, and instant messaging. A successful exploit will allow an attacker to execute arbitrary code in the context of the affected application.“

The technical details:

CVE-2007-4770/4771: A security vulnerability with the way OpenOffice.org 2 processes ODF text documents with XForms, using the third-party library ICU, may allow a remote unprivileged user who provides an OpenOffice.org document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running OpenOffice.org. No working exploit is known right now.

CVE-2007-5745/5747: A security vulnerability with the way OpenOffice.org 2 processes Quattro Pro files may allow a remote unprivileged user who provides an OpenOffice.org document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running OpenOffice.org. No working exploit is known right now.

CVE-2007-5746: A security vulnerability with the way OpenOffice.org 1.1 and 2 process EMF files may allow a remote unprivileged user who provides an OpenOffice.org document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running OpenOffice.org. No working exploit is known right now.

CVE-2008-0320: A security vulnerability with the way OpenOffice.org 1.1 and 2 process OLE files may allow a remote unprivileged user who provides an OpenOffice.org document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running OpenOffice.org. No working exploit is known right now.

The patches were originally released on March 27, but the security-related information was withheld “to ensure that all the products derived from the OpenOffice.org codebase had time to include these security fixes before the public announcement of the vulnerabilities,” OpenOffice said.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.